SSO between Salesforce – Mobile app – web service provider

I’m trying to understand if it’s possible to maintain a SSO session between 3 different elements:

  • Mobile app (Android/iOS) – developed with Salesforce SDK
  • Salesforce (Identity provider)
  • Web service provider (Web application)

The SSO to implement is considered to be the federated authentication with SAML, with Salesforce (community) configured as identity provider.

I couldn’t find clear documentation on how authentication starts and whether it can be maintained on the mobile app, and then switch context from the mobile app to a web service provider.

I’m considering the following use case:

a) User authenticated in mobile app (Android/iOS) – as I understood, this is done via OAuth2, as SAML doesn’t seem to natively support the mobile app.

b) From mobile, the user is sent to the SP (service provider)

  • b.1) through webview
  • b.2) or switching on browser

Is it possible to implement SSO SAML on Salesforce, so we can maintain the authentication and not ask the user for credentials again?

Is there any documentation on how to implement an equivalent use case? Can this be done via standard capabilities of SDK and Salesforce SSO SAML?

EDIT - 20200110 13:09

Researching a bit more, I found this article
Configuring SSO for Mobile and Desktop Apps Using SAML and OAuth
which is somewhat clear at a high level, but not so much on how to do so.

Furthermore, I’m getting confused by the indication “Salesforce org configured as a service provider” (first sentence from the section “App Support for SSO”).

Is there any demo/documentation regarding this? Is this applicable to my question?

Answer

Attribution
Source : Link , Question Author : Klodj_Meta , Answer Author : Community
